Companies have turned to cyber insurance of late as a way to mitigate the risk, but this has become a more difficult proposition. From humble beginnings in the late 1990s, this subset of insurance has risen to gain more traction. It was worth $6.15bn globally in 2020, with expectations of a 25.3% CAGR from 2021-28 to reach $36.85bn.
Those firms hoping to hedge against cybersecurity risk with cyber insurance have a rough ride ahead of them, though. The rise in attacks and claims has driven insurers to become more stringent, imposing closer checks on their clients' cybersecurity measures. It has also driven up premiums and forced insurers to tighten payout limits. In the UK, more than 90% of clients experienced rises in cyber insurance pricing during the first half of 2022, according to a report from insurance broker Marsh.
If you do want to pursue cyber insurance, it will help you to follow these best practices:
Assess your risk
You can't buy insurance unless you know what you're covering. Assess your business’s risk profile, including the potential cost of a breach, to determine what coverage you need and what's an acceptable premium price. Factors to consider here include the type of data your business collects, stores, and processes and whether it falls under sensitive data controls as defined by the Information Commissioner's Office.
Research cyber insurance coverage
Not all cyber insurance coverage is equal. There are different kinds depending on the risk you want to cover. For example, first-party coverage handles the internal costs associated with responding to a data breach. Third-party coverage also covers the costs you might incur from others, such as customers who sue you for damages.
Get your cybersecurity operations in order
Insurers are more likely to ask questions about your cybersecurity operations, covering areas such as data encryption and access control. Be sure that you have solid answers for them to help increase their confidence in you. Without proof that you're taking the risks seriously, there's a chance that they might deny you a policy altogether.
Shop around
Once you understand the different types of coverage available, it's time to negotiate with the vendors. Contact several different insurance providers and ask for quotes for the type of coverage you need. Insurers have become more likely to include retention policies that force some of the risk back on the customer, so don't forget to read the fine print in these policies. Look for any exclusions, deductibles, or conditions that you didn't expect.
Keep reviewing
A cyber insurance policy isn't a one-shot deal. This risk area moves so fast that coverage can quickly become inadequate in some areas or too aggressive in others. An annual review of your risk, cybersecurity controls, and cyber insurance policy will help ensure that you keep your coverage appropriate to your budget and your risk.
The Marsh report suggests that cyber insurance premium prices fell in the first half of 2022 after an unprecedented rise in 2021, suggesting that they might have found a new level in the market - for now. Nevertheless, a maturing insurance subsector calls for a mature approach from clients to ensure that everyone gets the protection and compensation they deserve.
Get in touch with our experts at Probrand to learn more.